7.5

CVE-2005-2127

Exploit

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."

Data provided by the National Vulnerability Database (NVD)
Microsoft .Net Framework, Version 1.1
Microsoft .Net Framework, Version 1.1, Update sp1
Microsoft .Net Framework, Version 1.1, Update sp2
Microsoft .Net Framework, Version 1.1, Update sp3
Microsoft Office, Version 2000
Microsoft Office, Version 2000, Lang ja
Microsoft Office, Version 2000, Lang ko
Microsoft Office, Version 2000, Lang zh
Microsoft Office, Version 2000, Update sp1
Microsoft Office, Version 2000, Update sp2
Microsoft Office, Version 2000, Update sp3
Microsoft Office, Version xp, Update sp1
Microsoft Office, Version xp, Update sp2
Microsoft Office, Version xp, Update sp3
Microsoft Project, Version 98
Microsoft Project, Version 2000
Microsoft Project, Version 2002
Microsoft Project, Version 2002, Update sp1
Microsoft Project, Version 2003
Microsoft Project, Version 2003, Update sp1
Microsoft Visio, Version 2000, Update sr1, SwEdition enterprise
Microsoft Visio, Version 2002
Microsoft Visio, Version 2002, SwEdition professional
Microsoft Visio, Version 2002, Update sp1
Microsoft Visio, Version 2002, Update sp2
Microsoft Visio, Version 2002, Update sp2, SwEdition professional
Microsoft Visio, Version 2002, Update sp2, SwEdition standard
Microsoft Visio, Version 2003
Microsoft Visio, Version 2003, SwEdition professional
Microsoft Visio, Version 2003, SwEdition standard
Microsoft Visio, Version 2003, Update sp1
Microsoft Visual Studio .Net, Version 2002, Update gold
Microsoft Visual Studio .Net, Version 2003, SwEdition enterprise_architect
Microsoft Visual Studio .Net, Version 2003, Update gold
Microsoft Visual Studio .Net, Version gold, SwEdition academic
Microsoft Visual Studio .Net, Version gold, SwEdition enterprise_architect
Microsoft Visual Studio .Net, Version gold, SwEdition enterprise_developer
Microsoft Visual Studio .Net, Version gold, SwEdition professional
Microsoft Visual Studio .Net, Version gold, SwEdition trial
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 44.57% | 0.975

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/17223 (Third Party Advisory, Permissions Required)
http://www.us-cert.gov/cas/techalerts/TA05-347A.html (Third Party Advisory, US Government Resource)
http://www.kb.cert.org/vuls/id/959049 (Third Party Advisory, US Government Resource)
http://secunia.com/advisories/17172 (Third Party Advisory, Permissions Required)
http://secunia.com/advisories/17509 (Third Party Advisory, Permissions Required)
http://securitytracker.com/id?1014727 (Patch, Third Party Advisory, Vendor Advisory, Exploit, VDB Entry)
http://www.kb.cert.org/vuls/id/740372 (Third Party Advisory, US Government Resource)
http://www.kb.cert.org/vuls/id/898241 (Third Party Advisory, US Government Resource)
http://www.securityfocus.com/bid/14594 (Patch, Third Party Advisory, Exploit, VDB Entry)
http://www.securityfocus.com/bid/15061 (Third Party Advisory, VDB Entry)
http://www.us-cert.gov/cas/techalerts/TA05-284A.html (Third Party Advisory, US Government Resource)
http://www.us-cert.gov/cas/techalerts/TA06-220A.html (Third Party Advisory, US Government Resource)